Cyber Threat Report: Zoom Security Exploit

Zoom, the video conference giant, continues to face security problems. SearchPilot’s Product Vice President Tom Anthony revealed that hackers were able to hack Zoom’s private meeting passwords within minutes. Zoom’s web client did not limit the number of attempts to enter the default 6-digit passcode. Cybercriminals were able to brute-force their entry into password-protected meetings due to this. Anthony tested his theory and reported it to Zoom. The bug has since been fixed. Zoom stated that they had “improved rate-limiting and addressed the CSRF token problems, and relaunched their web client.” “The issue was resolved completely.” Anthony’s complete report on Zoom Security Exploit can be found here.

There were previously security problems with Zoom: An exploit that allowed remote execution of zero-day remote code (April), a security loophole that allowed anyone remotely to spy on unprotected active meetings in January (January), more than 500,000 Zoom accounts being sold on the Dark Web (April), as well as a zero day vulnerability in the web conference client (early- July).

Video conferencing platforms have seen a dramatic increase in use since the outbreak of coronavirus. TrustRadius reports that the web and video conferencing categories for business technology have seen a 500% increase of buyer activity since the Covid-19 epidemic. 67% of companies also increased their video conferencing spending strategies.

Video conferencing is changing the way we communicate and is becoming a more powerful tool. It is also a security risk. Smart defense can help you keep your data, systems and information safe. These are our top tips for video conference:

Training staff

When it comes to video collaboration, your organization should provide adequate training for all employees and educational resources. You should cover security settings, equipment that should be turned on or off at the start and end of each call, expectations and etiquette, and video conferencing.

Password protect your meetings

To protect your video conference and protect any information shared, passwords should be required for all meetings. You can create a password using video conferencing software. Make it long and complex, with special characters, numbers, letters and letters. You should use different passwords for each account.

Verify your attendees

Double-check your invites for meetings. Use the “waiting room” to verify that each person is authenticating before the meeting begins. You should immediately kick out any unauthorized users. After everyone has joined, lock the meeting.

Shared links should be avoided

Verify that you are familiar with the sender before accepting an invitation to a meeting. Before you click on a link, make sure to double-check it. You can do this by hovering over the link. You will see the correct URL in the lower left corner of your browser.

Use a random generated ID

A generated ID will be used for the meeting. This will ensure that your personal meeting ID is safe and cannot be stolen.

File sharing is not allowed (when applicable).

File sharing is a powerful tool but an attacker can use it to send malicious documents to unwitting users. Be careful before opening documents that you don’t trust.

Check your security settings

Video conferencing should only be used for business purposes. You shouldn’t use a free service if you don’t have an enterprise plan. These basic plans lack the necessary administrative tools that provide additional security.

Keep checking your conference platform for new updates

There are always new vulnerabilities being discovered. The more current your application is, you can be more secure against them.

Leave a Comment